This project has retired. For details please refer to its Attic page.
DefaultLoginService xref
View Javadoc

1   package org.apache.archiva.redback.rest.services;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   * http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.archiva.redback.authentication.AuthenticationConstants;
23  import org.apache.archiva.redback.authentication.AuthenticationException;
24  import org.apache.archiva.redback.authentication.AuthenticationFailureCause;
25  import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
26  import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;
27  import org.apache.archiva.redback.keys.AuthenticationKey;
28  import org.apache.archiva.redback.keys.KeyManager;
29  import org.apache.archiva.redback.keys.jdo.JdoAuthenticationKey;
30  import org.apache.archiva.redback.keys.memory.MemoryAuthenticationKey;
31  import org.apache.archiva.redback.keys.memory.MemoryKeyManager;
32  import org.apache.archiva.redback.policy.AccountLockedException;
33  import org.apache.archiva.redback.policy.MustChangePasswordException;
34  import org.apache.archiva.redback.rest.api.model.ErrorMessage;
35  import org.apache.archiva.redback.rest.api.model.LoginRequest;
36  import org.apache.archiva.redback.rest.api.model.User;
37  import org.apache.archiva.redback.rest.api.services.LoginService;
38  import org.apache.archiva.redback.rest.api.services.RedbackServiceException;
39  import org.apache.archiva.redback.system.SecuritySession;
40  import org.apache.archiva.redback.system.SecuritySystem;
41  import org.apache.archiva.redback.users.UserManagerException;
42  import org.apache.archiva.redback.users.UserNotFoundException;
43  import org.slf4j.Logger;
44  import org.slf4j.LoggerFactory;
45  import org.springframework.stereotype.Service;
46  
47  import javax.inject.Inject;
48  import javax.inject.Named;
49  import javax.servlet.http.HttpServletRequest;
50  import javax.servlet.http.HttpSession;
51  import javax.ws.rs.core.Context;
52  import javax.ws.rs.core.Response;
53  import java.util.ArrayList;
54  import java.util.Arrays;
55  import java.util.Calendar;
56  import java.util.List;
57  import java.util.Map;
58  import java.util.TimeZone;
59  
60  /**
61   * @author Olivier Lamy
62   * @since 1.3
63   */
64  @Service( "loginService#rest" )
65  public class DefaultLoginService
66      implements LoginService
67  {
68  
69      private Logger log = LoggerFactory.getLogger( getClass() );
70  
71      private SecuritySystem securitySystem;
72  
73      private HttpAuthenticator httpAuthenticator;
74  
75      @Context
76      private HttpServletRequest httpServletRequest;
77  
78      @Inject
79      public DefaultLoginService( SecuritySystem securitySystem,
80                                  @Named( "httpAuthenticator#basic" ) HttpAuthenticator httpAuthenticator )
81      {
82          this.securitySystem = securitySystem;
83          this.httpAuthenticator = httpAuthenticator;
84      }
85  
86  
87      public String addAuthenticationKey( String providedKey, String principal, String purpose, int expirationMinutes )
88          throws RedbackServiceException
89      {
90          KeyManager keyManager = securitySystem.getKeyManager();
91          AuthenticationKey key;
92  
93          if ( keyManager instanceof MemoryKeyManager )
94          {
95              key = new MemoryAuthenticationKey();
96          }
97          else
98          {
99              key = new JdoAuthenticationKey();
100         }
101 
102         key.setKey( providedKey );
103         key.setForPrincipal( principal );
104         key.setPurpose( purpose );
105 
106         Calendar now = getNowGMT();
107         key.setDateCreated( now.getTime() );
108 
109         if ( expirationMinutes >= 0 )
110         {
111             Calendar expiration = getNowGMT();
112             expiration.add( Calendar.MINUTE, expirationMinutes );
113             key.setDateExpires( expiration.getTime() );
114         }
115 
116         keyManager.addKey( key );
117 
118         return key.getKey();
119     }
120 
121     public Boolean ping()
122         throws RedbackServiceException
123     {
124         return Boolean.TRUE;
125     }
126 
127     public Boolean pingWithAutz()
128         throws RedbackServiceException
129     {
130         return Boolean.TRUE;
131     }
132 
133     public User logIn( LoginRequest loginRequest )
134         throws RedbackServiceException
135     {
136         String userName = loginRequest.getUsername(), password = loginRequest.getPassword();
137         PasswordBasedAuthenticationDataSource authDataSource =
138             new PasswordBasedAuthenticationDataSource( userName, password );
139         try
140         {
141             SecuritySession securitySession = securitySystem.authenticate( authDataSource );
142             if ( securitySession.getAuthenticationResult().isAuthenticated() )
143             {
144                 org.apache.archiva.redback.users.User user = securitySession.getUser();
145                 if ( !user.isValidated() )
146                 {
147                     log.info( "user {} not validated", user.getUsername() );
148                     return null;
149                 }
150                 User restUser = buildRestUser( user );
151                 restUser.setReadOnly( securitySystem.userManagerReadOnly() );
152                 // here create an http session
153                 httpAuthenticator.authenticate( authDataSource, httpServletRequest.getSession( true ) );
154                 return restUser;
155             }
156             if ( securitySession.getAuthenticationResult() != null
157                 && securitySession.getAuthenticationResult().getAuthenticationFailureCauses() != null )
158             {
159                 List<ErrorMessage> errorMessages = new ArrayList<ErrorMessage>();
160                 for ( AuthenticationFailureCause authenticationFailureCause : securitySession.getAuthenticationResult().getAuthenticationFailureCauses() )
161                 {
162                     if ( authenticationFailureCause.getCause() == AuthenticationConstants.AUTHN_NO_SUCH_USER )
163                     {
164                         errorMessages.add( new ErrorMessage( "incorrect.username.password" ) );
165                     }
166                     else
167                     {
168                         errorMessages.add( new ErrorMessage().message( authenticationFailureCause.getMessage() ) );
169                     }
170                 }
171 
172                 throw new RedbackServiceException( errorMessages );
173             }
174             return null;
175         }
176         catch ( AuthenticationException e )
177         {
178             throw new RedbackServiceException( e.getMessage(), Response.Status.FORBIDDEN.getStatusCode() );
179         }
180         catch ( UserNotFoundException e )
181         {
182             throw new RedbackServiceException( e.getMessage() );
183         }
184         catch ( AccountLockedException e )
185         {
186             throw new RedbackServiceException( e.getMessage() );
187         }
188         catch ( MustChangePasswordException e )
189         {
190             return buildRestUser( e.getUser() );
191         }
192         catch ( UserManagerException e )
193         {
194             log.info( "UserManagerException: {}", e.getMessage() );
195             List<ErrorMessage> errorMessages =
196                 Arrays.asList( new ErrorMessage().message( "UserManagerException: " + e.getMessage() ) );
197             throw new RedbackServiceException( errorMessages );
198         }
199 
200     }
201 
202     public User isLogged()
203         throws RedbackServiceException
204     {
205         SecuritySession securitySession = httpAuthenticator.getSecuritySession( httpServletRequest.getSession( true ) );
206         Boolean isLogged = securitySession != null;
207         log.debug( "isLogged {}", isLogged );
208         return isLogged && securitySession.getUser() != null ? buildRestUser( securitySession.getUser() ) : null;
209     }
210 
211     public Boolean logout()
212         throws RedbackServiceException
213     {
214         HttpSession httpSession = httpServletRequest.getSession();
215         if ( httpSession != null )
216         {
217             httpSession.invalidate();
218         }
219         return Boolean.TRUE;
220     }
221 
222     private Calendar getNowGMT()
223     {
224         return Calendar.getInstance( TimeZone.getTimeZone( "GMT" ) );
225     }
226 
227     private User buildRestUser( org.apache.archiva.redback.users.User user )
228     {
229         User restUser = new User();
230         restUser.setEmail( user.getEmail() );
231         restUser.setUsername( user.getUsername() );
232         restUser.setPasswordChangeRequired( user.isPasswordChangeRequired() );
233         restUser.setLocked( user.isLocked() );
234         restUser.setValidated( user.isValidated() );
235         restUser.setFullName( user.getFullName() );
236         return restUser;
237     }
238 }